BTC $71,807
2026 Bull Run Is Building Start trading with 5% OFF all fees
Sign Up Now
BTC $71,807
Bull Run 2026 | 5% Off Fees Open your Binance account today
Sign Up

North Korea Hacks Crypto Firms with AI Deepfakes

North Korean hackers use AI deepfakes and complex malware to steal cryptocurrency.

  • UNC1069, a North Korean threat actor, is using sophisticated AI-generated deepfake videos and fake Zoom meetings to target the cryptocurrency sector.
  • The attack chain deploys up to seven unique malware families to steal credentials, browser data, and session tokens aimed at financial theft.
  • The group now focuses on Web3 targets like centralized exchanges and venture capital firms, shifting from traditional finance spear-phishing.

The North Korean cyber-espionage group UNC1069 has escalated its social engineering prowess, leveraging AI-generated deepfake videos in a complex campaign to steal from cryptocurrency firms, according to researchers. The intrusion begins with the threat actor impersonating venture capitalists on Telegram to lure victims into a phony Zoom meeting.

- Advertisement -

Victims are shown a convincing, fake video call interface displaying recorded or deepfake footage to simulate a live participant. Once trust is established, the page displays a bogus error message and prompts the user to run a troubleshooting command.

This “ClickFix” infection vector triggers the deployment of multiple new malware families. For macOS systems, an AppleScript drops a C++ information-gathering tool called WAVESHAPER.

Consequently, this executable distributes further payloads, including the Go-based downloader HYPERCALL. HYPERCALL then serves additional backdoors and stealers like HIDDENCALL and DEEPBREATH.

The Swift-based DEEPBREATH data miner specifically manipulates macOS security to access system credentials and data from browsers like Chrome and applications like Telegram. Meanwhile, the C++ malware CHROMEPUSH is deployed as a malicious browser extension to record keystrokes and extract cookies.

- Advertisement -

Mandiant analysts noted, “The volume of tooling deployed on a single host indicates a highly determined effort to harvest credentials, browser data, and session tokens to facilitate financial theft.” This campaign marks a significant expansion in the group’s capabilities as it intensifies its focus on the Web3 ecosystem.

✅ Follow BITNEWSBOT on Telegram, Facebook, LinkedIn, X.com, and Google News for instant updates.

Previous Articles:

- Advertisement -
Ad
Altseason Is Loading. Don't watch from the sidelines.
SOL $90.51
DOGE $0.0963
LINK $9.02
SUI $1.00
5% off fees when you sign up
Start Trading
Ad
Pay Less on Every Trade. For Life.
$10K/mo volume Save $60/yr
$50K/mo volume Save $300/yr
$100K/mo volume Save $600/yr
5% off all trading fees when you sign up
Claim Your Discount

Latest News

Saylor and Back oppose BIP-110 fork over Bitcoin security fears

Michael Saylor and Adam Back have publicly opposed BIP-110, a temporary Bitcoin fork proposal...

China, India groups target Pakistani police in cyber espionage

Suspected China- and India-aligned threat actors targeted Pakistani law enforcement in a sustained cyber...

AMD Stock Dips 10% Amid AI Volatility Ahead of Q3 Earnings

AMD stock fell nearly 10% from $580 on June 30 to roughly $516 by...

Bitcoin Creator Back Warns BIP-110 Data Limit Could Split Network

Adam Back said Bitcoin has "robustly rejected" BIP-110, arguing the proposal conflicts with the...

Analyst Says Bitcoin Bear Market Nearing End as Momentum Slows

Bitcoin may be entering the latter stages of the bear market as downside momentum...

Must Read

How Cryptocurrency Works For Beginners?

Welcome to the world of cryptocurrency! If you're new to this exciting and rapidly evolving landscape, you might feel like Alice in Wonderland, exploring...
Ad
Altseason Is Loading. These 4 coins are trending right now.
SOL $92.12
DOGE $0.0950
LINK $9.02
SUI $1.02
5% off spot fees when you sign up
Start Trading